Lucene search
K
FoxitsoftwareReader

143 matches found

CVE
CVE
added 2020/01/16 9:55 p.m.102 views

CVE-2019-5131

Foxit PDF Reader (Foxit Reader) is affected by a use-after-free vulnerability in the JavaScript engine for version 9.7.0.29435 (and possibly earlier per advisories). A specially crafted PDF can trigger reuse of a previously freed object, enabling arbitrary code execution. Exploitation requires th...

8.8CVSS8.7AI score0.02422EPSS
CVE
CVE
added 2020/01/16 9:59 p.m.99 views

CVE-2019-5126

CVE-2019-5126 affects Foxit PDF Reader (and related Foxit products) with an exploitable use-after-free in the JavaScript engine of Foxit Reader 9.7.0.29435. A specially crafted PDF can trigger a freed object reuse, enabling arbitrary code execution. Attack requires user action to open the malicio...

8.8CVSS8.7AI score0.03485EPSS
CVE
CVE
added 2020/01/16 10:1 p.m.99 views

CVE-2019-5145

CVE-2019-5145 describes an exploitable use-after-free in the Foxit PDF Reader JavaScript engine (version 9.7.0.29435). The vulnerability occurs when a crafted PDF triggers reuse of a freed object, enabling arbitrary code execution. Impact is arbitrary code execution with high severity (per CVSS a...

8.8CVSS8.7AI score0.03107EPSS
CVE
CVE
added 2020/01/16 10:0 p.m.98 views

CVE-2019-5130

CVE-2019-5130 is a use-after-free vulnerability in Foxit PDF Reader (JavaScript engine). Multiple connected sources (Talos: Foxit PDF Reader 9.7.0.29435; Red Hat/NVD: same code path) describe that a crafted PDF can trigger a freed object to be reused, enabling arbitrary code execution. The vulner...

8.8CVSS8.7AI score0.02312EPSS
CVE
CVE
added 2019/10/02 3:55 p.m.93 views

CVE-2019-5031

CVE-2019-5031 affects Foxit PDF Reader, version 9.4.1.16828. The vulnerability is a memory corruption in the V8/JavaScript engine that can be triggered by a specially crafted PDF, causing an out-of-memory condition and arbitrary code execution. Exploitation requires the user to open the malicious...

8.8CVSS8.8AI score0.0604EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.82 views

CVE-2018-3942

CVE-2018-3942 is an exploitable use-after-free in Foxit PDF Reader’s JavaScript engine (Foxit Software) affecting version 9.1.0.5096. A specially crafted PDF can cause a previously freed object to be reused, enabling arbitrary code execution. The vulnerability requires the user to open the malici...

8.8CVSS8.3AI score0.03155EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.81 views

CVE-2018-3940

CVE-2018-3940 concerns Foxit PDF Reader’s JavaScript engine. The issue is a use-after-free vulnerability in Foxit PDF Reader 9.1.0.5096 that can be triggered by a specially crafted PDF, allowing memory reuse of a previously freed object. An attacker must entice the user to open the malicious file...

8.8CVSS7.9AI score0.02114EPSS
CVE
CVE
added 2021/01/07 5:5 p.m.79 views

CVE-2018-20315

CVE-2018-20315 affects Foxit Reader prior to 9.5 and Foxit PhantomPDF prior to 8.3.10 or 9.x prior to 9.5. A race condition in these products can lead to a stack-based buffer overflow or an out-of-bounds read. The available documents identify the vulnerable components and the underlying issue but...

8.1CVSS8.1AI score0.00816EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.79 views

CVE-2018-3993

CVE-2018-3993 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (Foxit PDF Reader v9.2.0.9297). A specially crafted PDF can reuse a freed object, enabling arbitrary code execution. The attack requires user interaction (opening a malicious PDF); if a browser plugin extensio...

8.8CVSS8.3AI score0.03155EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.78 views

CVE-2018-3962

Foxit PDF Reader (version 9.1.0.5096) is affected by a use-after-free in the JavaScript engine when accessing CreationDate on this.info. The vulnerability can be triggered when a user opens a malicious PDF file, and, if the browser plugin extension is enabled, by visiting a malicious site. The do...

8CVSS7.6AI score0.02497EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.77 views

CVE-2018-3944

CVE-2018-3944 is a use-after-free vulnerability in Foxit Software’s PDF Reader JavaScript engine (version 9.1.0.5096). A specially crafted PDF can trigger reuse of a freed object, leading to arbitrary code execution. Exploitation requires user interaction: the user must open the malicious PDF; if...

8.8CVSS8.2AI score0.02577EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.76 views

CVE-2018-3965

CVE-2018-3965 is a use-after-free in Foxit PDF Reader’s JavaScript engine (Foxit PDF Reader 9.1.0.5096). A specially crafted PDF can trigger reuse of freed memory, allowing arbitrary code execution. Exploitation requires user action (open the malicious PDF); if a browser plugin is enabled, visiti...

8CVSS8.3AI score0.06043EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.74 views

CVE-2018-3961

CVE-2018-3961 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096). The flaw occurs when accessing the Creator property of the this.info object, enabling potentially arbitrary code execution. Exploitation vectors described in the connected Talos write-up ...

8CVSS7.9AI score0.02361EPSS
CVE
CVE
added 2016/10/31 10:0 a.m.73 views

CVE-2016-8878

Foxit Reader and Foxit PhantomPDF (Windows) prior to 8.1 are affected by an out-of-bounds read in the XFA data stream when the gflags utility is enabled, allowing remote code execution via a crafted BMP in a PDF. Impact listed as arbitrary code execution with high severity (CVSS v3: HIGH, 8.8). A...

8.8CVSS8.7AI score0.0259EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.73 views

CVE-2018-3943

Foxit Reader/PhantomPDF CVE-2018-3943 is a use-after-free in Foxit’s PDF Reader JavaScript engine (Foxit Reader 9.1.0.5096). A crafted PDF can reuse a freed object, allowing arbitrary code execution. Exploitation requires user action (opening the malicious file); if a browser plugin extension is ...

8.8CVSS8.2AI score0.02577EPSS
CVE
CVE
added 2020/04/22 8:50 p.m.71 views

CVE-2020-10890

Foxit PhantomPDF 9.7.0.29478 is affected by CVE-2020-10890 due to a flaw in the communication API’s ConvertToPDF command that allows an attacker-controlled data write to arbitrary files, enabling remote code execution in the context of the current process. Exploitation requires user interaction (...

8.8CVSS8.8AI score0.0217EPSS
CVE
CVE
added 2021/01/07 4:58 p.m.70 views

CVE-2018-20311

CVE-2018-20311 affects Foxit Reader before 9.5 and Foxit PhantomPDF before 8.3.10 and 9.x before 9.5. The issue is a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. The description does not specify affected versions beyond those ranges or expl...

8.1CVSS8.1AI score0.00816EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.70 views

CVE-2018-3957

Foxit PDF Reader 9.1.0.5096 contains a use-after-free in the JavaScript engine triggered by accessing the this.info Keywords property. An attacker can exploit this by convincing a user to open a malicious PDF file; if the browser plugin extension is enabled, visiting a malicious site may also tri...

8CVSS7.9AI score0.02895EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.69 views

CVE-2018-3946

CVE-2018-3946 : A use-after-free in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096) allows arbitrary code execution. A specially crafted PDF can reuse a freed memory object, enabling exploitation. User interaction is required: the attacker must persuade the user to open a malicious PDF;...

8.8CVSS8.2AI score0.03155EPSS
CVE
CVE
added 2020/04/22 8:50 p.m.69 views

CVE-2020-10892

CVE-2020-10892 affects Foxit PhantomPDF (and Foxit Reader/PhantomPDF family) with a vulnerability in the API communication handling of the CombineFiles command. The flaw allows an attacker to write an arbitrary file with data under attacker control, enabling remote code execution in the context o...

8.8CVSS8.8AI score0.0217EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.68 views

CVE-2018-3941

CVE-2018-3941 describes a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine affecting version 9.1.0.5096. A specially crafted PDF can trigger reuse of a previously freed object in memory, enabling arbitrary code execution. Exploitation requires the user to open a malicious file...

8.8CVSS8.3AI score0.03155EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.67 views

CVE-2018-3960

CVE-2018-3960 is a use-after-free in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096). The vulnerability occurs when accessing the Producer property of the this.info object. Exploitation depends on social/drive-by user action: a user must open a specially crafted malicious PDF file, or, ...

8CVSS7.9AI score0.02361EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.67 views

CVE-2018-3967

Foxit PDF Reader 9.1.0.5096 contains a use-after-free in the JavaScript engine. A specially crafted PDF can cause a previously freed object to be reused, enabling arbitrary code execution. Exploitation requires user action (opening the crafted file); if the browser plugin is enabled, visiting a m...

8CVSS8.3AI score0.06219EPSS
CVE
CVE
added 2020/09/04 3:31 a.m.67 views

CVE-2020-11493

CVE-2020-11493 affects Foxit Reader and PhantomPDF prior to 10.0.1 and 9.7.3 respectively. The issue stems from a direct transformation from a PDF Object to a Stream without adequately handling a crafted XObject, allowing an uninitialized object to leak sensitive information. The result is an inf...

8.1CVSS7.6AI score0.00932EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.66 views

CVE-2018-17621

Foxit Reader 9.0.1.5096 is affected by CVE-2018-17621. The flaw affects the handling of Format events and stems from not validating the existence of an object before performing operations, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening...

8.8CVSS7.8AI score0.0358EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.66 views

CVE-2018-3964

CVE-2018-3964 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096) that can be triggered by a specially crafted PDF. The vulnerability allows an attacker to cause arbitrary code execution by reusing freed memory when JavaScript objects are manipulated, wi...

8CVSS8.3AI score0.09482EPSS
CVE
CVE
added 2018/10/03 3:0 p.m.66 views

CVE-2018-3966

CVE-2018-3966 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (version 9.1.0.5096) that can be triggered by opening a specially crafted PDF or, if the browser plugin is enabled, by viewing the document in a web browser. The vulnerability allows arbitrary code execution d...

8CVSS8.3AI score0.06219EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.65 views

CVE-2018-3958

CVE-2018-3958 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (Foxit PDF Reader, version 9.1.0.5096). The defect occurs when accessing the Subject property of the this.info object. Exploitation requires user interaction: convincing a user to open a malicious PDF file, or...

8CVSS7.9AI score0.02895EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.64 views

CVE-2018-17691

CVE-2018-17691 affects Foxit PhantomPDF (9.2.0.9297 and likely earlier); the issue arises in the HTML-to-PDF conversion when the software fails to validate an object’s existence before performing operations. This use-after-free style flaw enables remote code execution with the attacker hosting a ...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2021/01/07 5:3 p.m.64 views

CVE-2018-20313

Foxit Reader before 9.5 and PhantomPDF before 8.3.10 and 9.x before 9.5 are affected by a race condition in proxyPreviewAction that can cause a stack-based buffer overflow or an out-of-bounds read. The vulnerability is due to improper synchronization in the proxy action handling, enabling memory ...

8.1CVSS8.1AI score0.00816EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.64 views

CVE-2018-3945

Foxit PDF Reader (Windows) vulnerable to CVE-2018-3945 through a use-after-free in the JavaScript engine of Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF can trigger reuse of a previously freed object, enabling arbitrary code execution when a user opens the malicious file. Several ...

8.8CVSS8.3AI score0.03197EPSS
CVE
CVE
added 2018/10/02 9:0 p.m.64 views

CVE-2018-3959

CVE-2018-3959 affects Foxit PDF Reader 9.1.0.5096. It is a use-after-free in the JavaScript engine triggered when accessing the this.info.Author property, exploitable by tricking a user into opening a malicious PDF or via a browser plugin. Cisco Talos describes it as enabling remote code executio...

8CVSS7.9AI score0.02361EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.63 views

CVE-2018-17658

CVE-2018-17658 affects Foxit Reader 9.2.0.9297 and earlier, where the vulnerability stems from improper handling of the host object’s respose property and a lack of validating object existence before operations. This allows remote code execution in the context of the current process and requires ...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2021/01/07 4:54 p.m.63 views

CVE-2018-20309

CVE-2018-20309 affects Foxit Reader prior to 9.5 and PhantomPDF prior to 8.3.10, plus 9.x builds prior to 9.5. The issue is a race condition in the proxyGetAppEdition path that can cause a stack-based buffer overflow or an out‑of‑bounds read. Impact is described in the CVE as memory corruption wi...

8.1CVSS8.1AI score0.00816EPSS
CVE
CVE
added 2021/01/07 4:56 p.m.63 views

CVE-2018-20310

The connected CNVD-2021-04398 describes a vulnerability affecting Foxit Reader and Foxit PhantomPDF where a race condition can lead to a stack buffer overflow or an out-of-bounds read. The CVE-2018-20310 entry itself identifies Foxit Reader before 9.5 and PhantomPDF before 8.3.10 and 9.x before 9...

8.1CVSS8.1AI score0.00863EPSS
CVE
CVE
added 2018/05/24 9:0 p.m.63 views

CVE-2018-5680

CVE-2018-5680 affects Foxit Reader prior to 9.1 and Foxit PhantomPDF prior to 9.1. The vulnerability arises in the processing of specially crafted PDF files that contain embedded u3d images, due to insufficient validation of user-supplied data which can cause a read past the end of an allocated o...

8.8CVSS8.6AI score0.03371EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.62 views

CVE-2018-17662

CVE-2018-17662 affects Foxit Reader 9.2.0.9297 on Windows. The flaw is a perform-operation-on-an-object-after-not-validating-its-existence in the Host.beep method, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The i...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.62 views

CVE-2018-3992

CVE-2018-3992 is a use-after-free vulnerability in Foxit PDF Reader’s JavaScript engine (version 9.2.0.9297). A specially crafted PDF can reuse a freed memory object, leading to arbitrary code execution. Exploitation requires user action to open the malicious file; if the browser plugin extension...

8.8CVSS8.3AI score0.02848EPSS
CVE
CVE
added 2018/10/08 4:0 p.m.62 views

CVE-2018-3997

The CVE-2018-3997 entry concerns Foxit PDF Reader. A use-after-free in the JavaScript engine of Foxit PDF Reader, version 9.2.0.9297, can be triggered by a specially crafted PDF, causing reuse of a previously freed object and arbitrary code execution. An attacker must entice the user to open the ...

8.8CVSS8.3AI score0.03039EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.61 views

CVE-2018-17629

Foxit Reader 9.1.0.5096 is affected by a template-objects handling vulnerability that allows remote code execution. The root cause is failure to validate the existence of an object before performing operations on it, enabling an attacker to run code in the current process. Exploitation requires u...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.61 views

CVE-2018-17701

CVE-2018-17701 affects Foxit PhantomPDF (9.2.0.9297 and earlier per CNVD) on Windows. The flaw is an out-of-bounds/read past end in the JSON handling due to insufficient input validation, enabling arbitrary code execution in the context of the target process. Exploitation requires user interactio...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2021/01/07 5:7 p.m.61 views

CVE-2018-20316

CVE-2018-20316 concerns Foxit Reader prior to 9.5 and PhantomPDF prior to 8.3.10 and 9.x prior to 9.5, where a proxyDoAction race condition can lead to a stack-based buffer overflow or an out-of-bounds read. This race condition is the underlying issue differentiating it from CVE-2018-20310 (diffe...

8.1CVSS8.1AI score0.00816EPSS
CVE
CVE
added 2018/10/29 10:0 p.m.60 views

CVE-2018-17623

CVE-2018-17623 affects Foxit Reader 9.0.1.5096 and variants where the flaw is in the handling of Link objects. The root cause is the lack of validating an object’s existence before performing operations, enabling remote code execution in the context of the current process when a user visits a mal...

8.8CVSS8.8AI score0.03279EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.60 views

CVE-2018-17642

Foxit Reader (v9.2.0.9297 and earlier) is affected by a TimeField colSpan handling flaw that can allow remote code execution. The issue stems from not validating the existence of an object before performing operations, enabling an attacker to run code in the context of the current process. Exploi...

8.8CVSS7.8AI score0.03918EPSS
CVE
CVE
added 2021/01/07 5:1 p.m.60 views

CVE-2018-20312

Affected software: Foxit Reader before 9.5; PhantomPDF before 8.3.10 and 9.x before 9.5. Root cause: a proxyDoAction race condition. Consequence: could cause a stack-based buffer overflow OR an out-of-bounds read. No remediation or exploitation status provided in the supplied documents.

8.1CVSS8.1AI score0.00816EPSS
CVE
CVE
added 2021/01/07 5:4 p.m.60 views

CVE-2018-20314

CVE-2018-20314 affects Foxit Reader before 9.5 and PhantomPDF before 8.3.10 (and 9.x before 9.5). The underlying issue is a proxyCheckLicence race condition that can lead to a stack-based buffer overflow or an out-of-bounds read. Impacted products include Foxit Reader/PhantomPDF, with potential f...

8.1CVSS8.1AI score0.0084EPSS
CVE
CVE
added 2016/10/31 10:0 a.m.59 views

CVE-2016-8877

CVE-2016-8877 describes a heap-based buffer overflow in Foxit Reader and PhantomPDF before 8.1 on Windows. A crafted JPEG2000 image embedded in a PDF enables remote code execution (arbitrary code) with potential impact to confidentiality, integrity, and availability. Affected products: Foxit Read...

8.8CVSS9AI score0.02942EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.59 views

CVE-2018-17675

CVE-2018-17675 concerns Foxit Reader. The vulnerability exists in the handling of the removeDataObject method of a document and stems from not validating the existence of an object before performing operations. It enables remote code execution in the context of the current process on vulnerable F...

8.8CVSS7.8AI score0.03314EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.59 views

CVE-2018-17688

CVE-2018-17688 affects Foxit PhantomPDF/Reader on Windows; a memory misreference in the ComboBox setItems handling leads to a use-after-free condition, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). Targets include P...

8.8CVSS8.8AI score0.03855EPSS
CVE
CVE
added 2019/01/24 4:0 a.m.59 views

CVE-2018-17703

Foxit Reader (Windows) is affected, including version 9.2.0.9297 and earlier, with vulnerabilities tied to the handling of the defaultValue property of ComboBox objects. The underlying flaw is a failure to validate the existence of an object before performing operations, resulting in a use-after-...

8.8CVSS7.8AI score0.03855EPSS
Total number of security vulnerabilities143